Connecticut Announces First Enforcement Settlement Under CTDPA

Cynthia J. Larose

Email

617-348-1732

Bio and Articles

Find Your Next Job !

Associate Litigation Attorney

Paralegal - Illinois

Social Services Attorney

Explore More Job Openings

No More Warnings: Ignoring AG Costs $85,000

by: Cynthia J. Larose of Mintz - Mintz Insights

Monday, July 21, 2025

Print Mail Download info_icon_img

/>i

Connecticut Attorney General William Tong recently announced the state’s first-ever enforcement settlement under the Connecticut Data Privacy Act (CTDPA) with TicketNetwork, Inc., an online ticket marketplace. The settlement resulted from repeated warnings and notices to cure that the AG found that TicketNetwork failed to complete.

What Led to the Settlement:

Until January 1, 2025, the CTDPA provided businesses with a cure period of 60 days after a notice of violation from the Attorney General’s office. According to the settlement agreement, the initial cure notice was sent to TicketNetwork on November 9, 2023, flagging major deficiencies in the company’s privacy notice. In particular, the AG’s office alleged that the privacy notice was “largely unreadable,” missing disclosures of consumer data rights, and “misconfigured or inoperable” opt-out and data rights mechanisms. The AG’s press release stated that the company “repeatedly represented that they had resolved deficiencies when they had not done so, and failed to timely respond to follow-up correspondence.”

Under the settlement agreement, TicketNetwork has agreed to pay $85,000, implement full compliance with CTDPA requirements, and collect and report to the AG’s office on metrics relating to consumer rights requests.

“This law has now been in effect for two years. There is no excuse for continued non-compliance…”
--Attorney General William Tong

Takeaways for Businesses

Audit Privacy Notices Regularly

Ensure clarity, readability, and accurate listing of CTDPA-specific rights—access, correction, deletion, and opt-out rights.
Test Consumer Rights Mechanisms Thoroughly
Validate that consumer request channels and opt-out tools work correctly and logs are maintained. Even if you have outsourced these functionalities to a third party, test them frequently.
Stay Current on Legal Changes – Follow Mintz Consumer Privacy Law!
CTDPA has already been amended (2023), with significant updates forthcoming by July 1, 2026—update policies proactively.
Prioritize Prompt Compliance
Non-compliance with notices from a regulatory authority can lead to immediate penalties. Ensure that such notices do not end up in “dead end” email boxes that are not regularly monitored (e.g. info@CompanyXYZ.com). If your company receives a notice of violations, act quickly.

This settlement marks a significant moment in state-level privacy enforcement. Connecticut’s Attorney General is demonstrating readiness to deploy enforcement tools when necessary, signaling to businesses that robust data privacy compliance is no longer aspirational—it’s mandatory. Understand what state privacy laws apply to your business and check out your privacy notice today. If it hasn’t been updated in 12-18 months, it’s time for a review to avoid a notice of violation.